Restrict Access to telnet Service
Tomas Mraz
tmraz at redhat.com
Fri Jul 8 07:39:50 UTC 2005
On Fri, 2005-07-08 at 00:12 +0200, harald.schwier at freenet.de wrote:
> Hello,
> Thanks for your reply
> > Assuming that your telnet server supports pam and that it's correctly
> > configured, you probably want your config file to look something like:
> >
> > auth required pam_listfile.so item=user sense=deny file=/etc/ssh/ssh_denied_users onerr=succeed
> > # stack to go through regular auth mechanism, whatever it is...
> > auth required pam_stack.so service=system-auth
> > auth required pam_nologin.so
> > account required pam_stack.so service=system-auth
> > password required pam_stack.so service=system-auth
> > session required pam_stack.so service=system-auth
> > session required pam_limits.so
> > session optional pam_console.so
>
> Telnet is restricted if I put these entries in the /etc/pam.d/login file. But now only
> the users in access-file are allowed to log in at the console. How is it possible
> to allow everybody to log in at the console?
Use pam_access instead of pam_listfile. It allows for more specific
access rules.
--
Tomas Mraz <tmraz at redhat.com>
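
A sketch of the pam_access approach suggested above, as an added example that is not part of the original message. It assumes telnet logins pass through /etc/pam.d/login, that the module reads its default /etc/security/access.conf, and that alice and bob are placeholder account names.

```conf
# --- /etc/pam.d/login ---
# Added to the account stack in place of the pam_listfile line.
account    required     pam_access.so

# --- /etc/security/access.conf ---
# Format:  permission : users : origins
# Lines are checked in order and the first matching line decides.

# Everyone may log in on the local virtual consoles.
+ : ALL : tty1 tty2 tty3 tty4 tty5 tty6

# Only these accounts (placeholders) may log in from any other origin,
# which covers remote hosts connecting through telnet.
+ : alice bob : ALL

# Every other user/origin combination is refused.
- : ALL : ALL
```

Explicit tty names are used rather than the LOCAL keyword because LOCAL matches any origin string without a dot, which can include a remote host known by a short name. Add any serial console device to the first rule if logins are expected there.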